{ pkgs, ... }:
let
  yaml = pkgs.formats.yaml { };
in
{
  services.prometheus = {
    exporters = {
      blackbox = {
        enable = true;
        listenAddress = "127.0.0.1";
        configFile = yaml.generate "blackbox.yaml" {
          modules = {
            http_2xx = {
              prober = "http";
              timeout = "5s";
              http.preferred_ip_protocol = "ip4";
            };

            turn_server = {
              prober = "tcp";
              timeout = "5s";
              tcp = {
                preferred_ip_protocol = "ip4";
                source_ip_address = "116.202.158.55";
                tls = true;
              };
            };
          };
        };
      };

      # Periodically check domain registration status
      domain = {
        enable = true;
        listenAddress = "127.0.0.1";
        extraFlags =
          let
            conf.domains = [
              "tlater.net"
              "tlater.com"
            ];
          in
          [ "--config=${yaml.generate "domains.yml" conf}" ];
      };

      # System statistics
      node = {
        enable = true;
        listenAddress = "127.0.0.1";
      };
      systemd = {
        enable = true;
        listenAddress = "127.0.0.1";
        extraFlags = [
          # Disabled by default because only supported from systemd 235+
          "--systemd.collector.enable-restart-count"
          "--systemd.collector.enable-ip-accounting"
        ];
      };

      # Various nginx metrics
      nginx = {
        enable = true;
        listenAddress = "127.0.0.1";
      };
    };

    # TODO(tlater):
    #   - wireguard (?)
    #   - postgres (?)
    #   - ssl_exporter (?)
  };

  services.dbus.implementation = "broker";
}